General IT‎ > ‎

Shibboleth Deprecated Values

posted 26 Jun 2013, 05:49 by Tristan Self
If you are seeing this when you start TomCat on a Shibboleth server you need to check your Shibboleth configuration as follows
 
13:43:13.007 - WARN [edu.internet2.middleware.shibboleth.common.config.SpringConfigurationUtils:276] - Numerical duration form is deprecated. The property 'maxValidityInterval' on metadata filter of type {urn:mace:shibboleth:2.0:metadata}RequiredValidUntil should use the duration notation: P46DT12H0M0.000S
 
Open relying-party.xml and change the maxvalidityinterval value within this section to: P46DT12H0M0.000S instead of: 4017600.

    <MetadataProvider xmlns="urn:mace:shibboleth:2.0:metadata" backingFile="C:\Program Files (x86)\Internet2\Shib2Idp/metadata/Downloaded-Metadata.xml" id="UK-MD" metadataURL="http://metadata.ukfederation.org.uk/ukfederation-metadata.xml" xsi:type="FileBackedHTTPMetadataProvider">
            <MetadataFilter xmlns="urn:mace:shibboleth:2.0:metadata" xsi:type="ChainingFilter">
                <MetadataFilter maxValidityInterval="P46DT12H0M0.000S" xmlns="urn:mace:shibboleth:2.0:metadata" xsi:type="RequiredValidUntil"/>
                <MetadataFilter requireSignedMetadata="true" trustEngineRef="shibboleth.UKFedTrustEngine" xmlns="urn:mace:shibboleth:2.0:metadata" xsi:type="SignatureValidation"/>
         <MetadataFilter xmlns="urn:mace:shibboleth:2.0:metadata" xsi:type="EntityRoleWhiteList">
                    <RetainedRole>samlmd:SPSSODescriptor</RetainedRole>
                </MetadataFilter>
            </MetadataFilter>
        </MetadataProvider>
 </metadata:MetadataProvider>

Comments